Mac OS X Virus/Trojan Summary

macrumors bot

The announcement of the release of a Mac OS X trojan/virus/worm yesterday has drawn a lot of attention, confusion and significant misinterpretation. While much of the attention was aimed at the "virus vs trojan" distinction, this energy was misguided.

On the one hand, some users were quick to dismiss it as a simple "trojan" that anyone could easily script in minutes. While the application was set up to trick the end-user into launching it, the resultant actions it took were far more sophisticated as it was designed to inject itself into other applications on the users' hard drive. Despite much confusion on this detail, most users were not prompted for the administrator password before the file modifications took place. (The Application directory is writable by the Admin accounts which most Mac OS X user accounts are established as, by default.)

On the other hand, several saw this as a much more ominous sign for the Mac platform. However, this application itself is of a rather limited threat by the nature of its propagation -- and no particular Mac OS X vulnerability exists which allows the unimpeded transmission of a virus. Unless you specifically downloaded and launched this file, there is no way your Mac could have been infected.

The significance of this event is simply the intention behind the release of such malware under Mac OS X.

macrumors 6502

I read the whole thing on the Symantec website, but I'm still a little confused. What would the end-user see? I know what the malware technically did, but what did it visually do? What was its purpose?

macrumors 68030

> Scary. For real - this is the first time ever I have doubted the security of my Mac.

Same here. I feel a lot better now, though. This exploit definitely did open my eyes to security flaws and how to protect myself from them. While there is no real Mac "virus", this trojan certainly had a lot of Mac users on the edges of their seats. To tell you the truth, I can see another trojan like this one happening, but in a more serious fashion. The instructions were practically unveiled to the public... no offense to MacRumors.

But hey, this isn't scary. If you have common sense and take precaution, a future trojan can be easily avoidable. I'm sure Apple will release some sort of patch to aid users in the future.

I'm still relieved it isn't an actual virus... if it was, then I'd be scared.

macrumors G3

> Now we just have to see how Apple compares to Microsoft on turn around updates.

I think they have to figure out just what to do first. Change all applications to be owned by root? Or tell users not to double-click on unknown files (which I stopped doing altogether after the MP3 proof-of-concept)


macrumors 65816

> How do you patch against users downloading and running applications from people they don't know?

You can't, but Apple could make the OS look at any downloaded file and see if it contains an executable, and notify the user of this, maybe as other posters have mentioned on another thread, by making the icon and text have a "glow" to them that is only visible on executable files. Sounds like it is a step in the right direction for those less-knowing Mac users.

macrumors 68000

> Despite much confusion on this detail, most users were not prompted for the administrator password before the file modifications took place. (The Application directory is writable by the Admin accounts which most Mac OS X user accounts are established as, by default.)

Isn't this the key issue here? - I assumed Windows was the only OS that allowed this kind of access by default. Could provide Apple with a little usability challenge.

(I've since created a new admin account and demoted my day-to-day account to 'standard')
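An added example, not part of any post in this thread: the point quoted above, that application files could be modified from an admin account without a password prompt, can be checked by auditing ownership and write bits on each bundle's `Contents/MacOS` directory. The function names, the `trusted_uid` parameter and the sample bundles are assumptions made for this sketch; it looks at POSIX mode bits and ownership only, not ACLs.

```python
import os
import stat
import tempfile

def audit_app_bundles(apps_dir, trusted_uid=0):
    """Return {bundle: [reasons]} for .app bundles whose executables or
    executable directory can be changed by someone other than trusted_uid."""
    findings = {}
    for entry in sorted(os.listdir(apps_dir)):
        macos_dir = os.path.join(apps_dir, entry, "Contents", "MacOS")
        if not entry.endswith(".app") or not os.path.isdir(macos_dir):
            continue
        reasons = []
        # Write access to the directory allows replacing the files inside it,
        # so the directory is audited together with its contents.
        names = sorted(os.listdir(macos_dir))
        for path in [macos_dir] + [os.path.join(macos_dir, n) for n in names]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, apps_dir)
            if st.st_uid != trusted_uid:
                reasons.append(f"{rel}: owned by uid {st.st_uid}")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.filemode(st.st_mode)
                reasons.append(f"{rel}: group/world writable ({mode})")
        if reasons:
            findings[entry] = reasons
    return findings

def build_sample(root):
    """Constructed sample: one group-writable bundle, one locked-down bundle."""
    for name, mode in (("Loose.app", 0o775), ("Tight.app", 0o755)):
        macos = os.path.join(root, name, "Contents", "MacOS")
        os.makedirs(macos)
        exe = os.path.join(macos, name[:-4])
        with open(exe, "wb") as f:
            f.write(b"placeholder")  # stand-in bytes, not a real binary
        os.chmod(exe, mode)
        os.chmod(macos, mode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        # The sample files belong to the current user, so trust that uid here.
        report = audit_app_bundles(tmp, trusted_uid=os.getuid())
        for app, why in report.items():
            print(app, *why, sep="\n  ")
```

On a real system the call would be `audit_app_bundles("/Applications")` with the default `trusted_uid=0`, which flags every bundle not owned by root as well as any that is group or world writable.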

macrumors 68030

> You can't, but Apple could make the OS look at any downloaded file and see if it contains an executable, and notify the user of this, maybe as other posters have mentioned on another thread, by making the icon and text have a "glow" to them that is only visible on executable files. Sounds like it is a step in the right direction for those less-knowing Mac users.

This sounds like a good idea. Patch it in a stealthy manner, but nothing over bloated like separate software running in the background taking up resources. The average user probably wouldn't recognize a "glow" as hazardous, however. Perhaps a small red ! icon can appear in front of the file that may be dangerous to open.

I just hope Apple does something about this... I think they would. They seem to care about their OS being the best one on the market. I don't think they would let some trojan knock them off that path.

macrumors 65816

p0intblank, I can't take credit for the idea, it was posted by another MR member on a separate thread about the new trojan. This seems like an easy enough thing to stop, but then again I am not a programmer, so what do I know.

All I know is an executable, at some level, has to look like an executable to the OS, so why not visually distinguish them from other file types for the user?

Edit: Good point iBlue, but why not make that, and say the "red text" or "exclamation" all on by default with no way of turning them off? No harm in that....

macrumors G5

If you want to side-step definitions of what a virus is (some would call this a very weak virus, others wouldn't), your best bet is to tell people there's never been an OS X virus that could function without the user's help. (Several steps of help, in fact.)

macrumors 6502

The best thing that Apple can do to fix this problem is require any person buying an Apple computer to pass an intelligence test. If you fail you don't get to own one of their computers. The problem is stupidity and I don't think that it is the job of Apple to protect us from ourselves. My feeling is that if you are dumb enough to open a file from a source you are not sure of then you get what you deserve. Kinda like the idiot that puts his hot fast-food coffee between his legs and then burns himself when it spills. With any luck those idiots will sterilize themselves and we won't have to worry about them dumbing down the gene pool any more than it already is.

macrumors G5

> p0intblank, I can't take credit for the idea, it was posted by another MR member on a separate thread about the new trojan. This seems like an easy enough thing to stop, but then again I am not a programmer, so what do I know.

At first I suggested a mouseover glow effect... but now I think the glow on executables should be a permanent throb. More noticeable, and it wouldn't waste much CPU power since how often do you have to have Finder windows open and showing apps anyway?

Apps in folder pop-up menus from the Dock should throb as well. And in Column view if you have icons turned off, a symbol should throb next to executables.

macrumors member

> How do you patch against users downloading and running applications from people they don't know?

Answer: You don't.

All that happens is that businesses such as Data Doctors open and charge lots of money to fix people's computers. Data Doctors is making huge amounts of money from stupid users who do stupid things with their computers (mostly PCs). This is good by the way because when I go by a Data Doctors location, I get the opportunity for a laugh. Mostly at the stupid users inside getting repairs. lol
